Add Request::parse_url.

Author: mleonhard

Cargo.toml

@@ -7,7 +7,7 @@ keywords = ["web", "http", "server", "async", "threaded"]
 license = "MIT OR Apache-2.0"
 name = "servlin"
 repository = "https://github.com/mleonhard/servlin"
-version = "0.7.0"
+version = "0.7.1"
 
 [features]
 default = []

Readme.md

@@ -103,7 +103,7 @@ Symbols:
 
 Functions  Expressions  Impls  Traits  Methods  Dependency
 
-0/0        0/0          0/0    0/0     0/0      🔒  servlin 0.7.0
+0/0        0/0          0/0    0/0     0/0      🔒  servlin 0.7.1
 0/0        0/0          0/0    0/0     0/0      🔒  ├── safina 0.6.0
 0/0        0/0          0/0    0/0     0/0      🔒  │   └── safina-macros 0.1.3
 0/0        0/0          0/0    0/0     0/0      🔒  │       ├── safe-proc-macro2 1.0.67
@@ -234,6 +234,7 @@ Functions  Expressions  Impls  Traits  Methods  Dependency
 See [rust-webserver-comparison.md](https://github.com/mleonhard/servlin/blob/main/rust-webserver-comparison.md).
 
 # Changelog
+- v0.7.1 2024-11-16 - Add [`Request::parse_url`].
 - v0.7.0 2024-11-06
    - `log_request_and_response` to log `duration_ms` tag.
    - Fix typo in function name `Response::internal_server_errror_500`.

src/lib.rs

@@ -101,6 +101,7 @@
 //! See [rust-webserver-comparison.md](https://github.com/mleonhard/servlin/blob/main/rust-webserver-comparison.md).
 //!
 //! # Changelog
+//! - v0.7.1 2024-11-16 - Add [`Request::parse_url`].
 //! - v0.7.0 2024-11-06
 //!    - `log_request_and_response` to log `duration_ms` tag.
 //!    - Fix typo in function name `Response::internal_server_errror_500`.

src/request.rs

@@ -95,7 +95,6 @@ impl Request {
                 panic!("error reading body: {e}");
             }
             serde_urlencoded::from_bytes(&buf).map_err(|e| {
-                // Does this make a cross-site-scripting (XSS) vulnerability?
                 Response::text(
                     400,
                     format!(
@@ -157,6 +156,29 @@ impl Request {
             Ok(Some(self.json()?))
         }
     }
+
+    /// Parses the request URL and deserializes it into type `T`.
+    ///
+    /// Treats a missing URL query string (`/foo`) as an empty query string (`/foo?`).
+    ///
+    /// # Errors
+    /// Returns an error when
+    /// - the URL parameters are mal-formed
+    /// - we fail to deserialize the URL parameters into a `T`
+    #[cfg(feature = "urlencoded")]
+    pub fn parse_url<T: serde::de::DeserializeOwned>(&self) -> Result<T, Response> {
+        use crate::util::escape_and_elide;
+        let url_str = self.url.query().unwrap_or_default();
+        serde_urlencoded::from_str(url_str).map_err(|e| {
+            Response::text(
+                400,
+                format!(
+                    "error processing url: {}",
+                    escape_and_elide(e.to_string().as_bytes(), 100)
+                ),
+            )
+        })
+    }
 }
 impl Debug for Request {
     fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> Result<(), core::fmt::Error> {

tests/urlencoded.rs

@@ -5,6 +5,49 @@ use crate::test_util::TestServer;
 use serde::Deserialize;
 use servlin::Response;
 
+#[test]
+fn parse_url() {
+    let server = TestServer::start(|req| {
+        #[derive(Deserialize)]
+        struct Input {
+            num: usize,
+            msg: String,
+        }
+        let input: Input = match req.parse_url() {
+            Ok(input) => input,
+            Err(response) => return response,
+        };
+        assert_eq!(111, input.num);
+        assert_eq!("aaa", input.msg.as_str());
+        Response::redirect_303("/")
+    })
+    .unwrap();
+    assert_eq!(
+        server
+            .exchange("M /?num=111&msg=aaa HTTP/1.1\r\n\r\n")
+            .unwrap(),
+        "HTTP/1.1 303 See Other\r\ncontent-length: 0\r\nlocation: /\r\n\r\n",
+    );
+    assert_eq!(
+        server
+            .exchange("M /?num=not_an_integer&msg=aaa HTTP/1.1\r\n\r\n")
+            .unwrap(),
+        "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=UTF-8\r\ncontent-length: 51\r\n\r\nerror processing url: invalid digit found in string",
+    );
+    assert_eq!(
+        server
+            .exchange("M /? HTTP/1.1\r\n\r\n")
+            .unwrap(),
+        "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=UTF-8\r\ncontent-length: 41\r\n\r\nerror processing url: missing field `num`",
+    );
+    assert_eq!(
+        server
+            .exchange("M / HTTP/1.1\r\n\r\n")
+            .unwrap(),
+        "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=UTF-8\r\ncontent-length: 41\r\n\r\nerror processing url: missing field `num`",
+    );
+}
+
 #[test]
 fn urlencoded() {
     let server = TestServer::start(|req| {